Replace Mcrypt with OpenSSL

Blowfish is the block cipher. It requires the data to be padded before encryption.
OpenSSL uses PKCS#7 and mcrypt uses PKCS#5. Different padding algorythms for data.
Minimal PKCS#5 padding length is 0, for PKCS#7 it’s 1 (wikipedia). Take a look at this example (i’ve manually padded input data for mcrypt_encrypt() in PKCS#7 style):


$key = "anotherpassword1";
$str = "does it work 12";

$enc = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $str."\1", MCRYPT_MODE_ECB);
$dec = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $enc, MCRYPT_MODE_ECB);

$enc = openssl_encrypt($str, 'bf-ecb', $key, true);
$dec = openssl_decrypt($enc, 'bf-ecb', $key, true);


It’s impossible to openssl_decrypt() data encrypted with mcrypt_encrypt(), unless manual data padding was made with PKCS#7 before mcrypt_encrypt() was called.

There is only one way in your case – recrypt the data.

PS: There is an error in your source – ECB mode does not uses IV at all (wikipedia)

Leave a Comment